DETAILED ACTION

Continued Examination Under 37 CFR 1.114 

A request for continued examination under 37 CFR 1.114, including the fee set
forth in 37 CFR 1.17(e), was filed in this application after final rejection. Since this
application is eligible for continued examination under 37 CFR 1.114, and the fee set
forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action
has been withdrawn pursuant to 37 CFR 1.114. Applicant's submission filed on 2/1/10
has been entered.

Claims 1, 2, 5, 10-12, and 14-17 have been canceled. Claims 18-39 have been
added.

Response to Amendment 

Claim Objections 

Claims 19-23 and 25-34 are objected to because of the following informalities: 
As per claim 19, the preamble states that encrypted communication occurs using 
a share key. However, no shared key is explicitly created or used in the claim. 

As per claims 22 and 23, they are objected to for the same reason as claim 19.

As per claim 21, a third key is defined twice. Also, the shared key is defined
twice.

As per claim 28, the shared key is defined again. 

As per claim 29, both the first and second seed values are named 's'. 

Response to Arguments 

Applicant's arguments with respect to claims 18, 19, 22, and 23 have been 
considered but are moot in view of the new ground(s) of rejection. 

Claim Rejections - 35 USC § 103 

The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as 
set forth in section 102 of this title, if the differences between the subject matter sought to be 
patented and the prior art are such that the subject matter as a whole would have been obvious 
at the time the invention was made to a person having ordinary skill in the art to which said 
subject matter pertains. Patentability shall not be negatived by the manner in which the invention 
was made. 

Claims 18-20, 25-27, 30-32, and 35-37 are rejected under 35 U.S.C. 103(a) as 
being unpatentable over USP 5,371,794 to Diffie et al., hereinafter Diffie in view of USP
5,953,420 to Matyas Jr. et al., hereinafter Matyas and in view of USP 4,918,728 to 
Matyas Jr. et al., hereinafter Abraham (second inventor's name to distinguish prior art). 

As per claim 18, Diffie teaches an encrypted communication system comprising:
a first device [base Fig. 4a, 103]; 

and a second device [mobile; Fig. 4a, 100], wherein said first device includes: 

a first data generation unit operable to encrypt a first key using a public key of 
said second device to generate first encrypted key data, and transmit the first encrypted 
key data to said second device (col. 7, lines 65-66); 

a first decryption unit operable to receive, from said second device, second 
encrypted key data generated by said second device encrypting a third key using a 
public key of said first device, and decrypt the second encrypted key data using a 
private key of said first device to obtain a second key (col. 8, lines 49-53); 

a first key generation unit operable to perform a predetermined operation using 
the first and second keys, generate a part of a result of the predetermined operation as 
a first encryption key (col. 65-67) 
and 

a first communication unit operable to encrypt first transmission data using the 
first encryption key to generate first encrypted data (col. 7, line 7), apply a one-way 
operation to the first transmission data [CRC; col. 10, lines 5-10] 

and transmit the first encrypted data and the first detection value to said second 
device (col. 10, lines 9-15), 

and said second device includes: 

a second data generation unit operable to encrypt the third key using the public
key of said first device to generate the second encrypted key data, and transmit the 
second encrypted key data to said first device (col. 8, lines 49-53); 

a second decryption unit operable to receive, from said first device, the first 
encrypted key data generated by said first device encrypting the first key using the 
public key of said second device, and decrypt the first encrypted key data using a 
private key of said second device to obtain a fourth key (fig. 5a, and col. 8, lines 44-45); 

a second key generation unit operable to perform the predetermined operation 
using the third and fourth keys, generate a part of a result of the predetermined 
operation as a second encryption key (col. 8, lines 43-46); and 

a second communication unit operable to receive the first encrypted data and the 
first detection value (col. 7, line 7, and col. 10, lines 5-15), decrypt the first encrypted 
data using the second encryption key to generate second transmission data [inherently 
what the session key is used for], apply a one-way operation to the second transmission 
data calculate a second detection value [checks the check sum value], compare the first 
and second detection values, and when the first and second detection values match, 
recognize the second transmission data as valid, and when the first and second 
detection values do not match, recognize the second transmission data as invalid (col. 
10, lines 12). 

Diffie teaches generating a session key by XOR'ing two random keys. Diffie 
does not teach that the XOR operation yields more than one key. Matyas teaches two 
keys can be concatenated together and then hashed to achieve a result. The result 
yields a plurality of keys (fig. 2, and col. 5, lines 60-64). These keys, generated by
both sides of the communication can then be used to secure data transmission. 
Matyas' method of generating multiple keys can be seen as more efficient than the key 
change as taught by Diffie (col. 10, lines 25-40). Therefore it would have been obvious 
to one of ordinary skill in the art at the time of the invention to substitute Matyas' method 
of generating the many keys needed for securing data transmissions. 

Diffie is silent in explicitly teaching the use of message authentication codes
which use a hash key. However the use of MACs is notoriously well known in the art.
They are known to provide tamper detection in data packets by creating a hash of the
message with the aid of a hash key. Abraham teaches the method of using a hash key
with a MAC function to apply a one-way operation [the hash] to transmission data to
calculate a first detection value [result of the MAC] to be used by the receiver to detect
tampering of the data packet (col. 43, lines 60-68). It is also well known in the art, how 
the receiver uses the received MAC, to verify the data. As taught by Abraham, the 
receiver has its own sets of keys, uses the same hash key used by the sender to hash 
the received message and compare its calculated value to the received MAC. MACs 
are used to detect tampering and are more secure than check sums. Therefore it would 
have been obvious to one of ordinary skill in the art at the time of the invention to 
substitute the check sums for MACs because they provide a greater level of security. 
MACs simply use encryption keys. Therefore, any of the keys generated by the 
concatenation and subsequent hash could have been used as a hash key. As long as 
both sides pick the same key, tampering can be detected. Matyas teaches a system in 
which both sides can use keys synchronously. There the result of using hash keys as
taught by Abraham would have been predictable. 
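
The combination described in the rejection of claim 18 (two exchanged keys concatenated and hashed into an encryption key and a hash key, with a keyed MAC replacing the checksum) can be sketched as follows. This is an added example, not code from the Office action or the cited patents; SHA-256, HMAC-SHA256, the 16/16-byte split and all function names are assumptions, and the public-key exchange of the two keys and the data encryption itself are omitted.

```python
import hashlib
import hmac
import zlib


def derive_keys(k1, k2):
    """Hash k1 || k2 and split the digest into (encryption key, hash key).

    Both inputs are fixed-length here, so the concatenation is unambiguous.
    """
    digest = hashlib.sha256(k1 + k2).digest()  # 32 bytes
    return digest[:16], digest[16:]


def mac_tag(hash_key, data):
    """Keyed one-way operation: only holders of hash_key can compute it."""
    return hmac.new(hash_key, data, hashlib.sha256).digest()


def mac_verify(hash_key, data, tag):
    """Receiver recomputes the MAC and compares in constant time."""
    return hmac.compare_digest(mac_tag(hash_key, data), tag)


def crc_verify(data, checksum):
    """Unkeyed check: anyone who can alter the data can recompute it."""
    return zlib.crc32(data) == checksum


def demo():
    # Constructed sample keys standing in for the two exchanged random keys.
    k1 = bytes(range(16))       # chosen by the first device
    k2 = bytes(range(16, 32))   # chosen by the second device
    sender_enc, sender_mac = derive_keys(k1, k2)
    recv_enc, recv_mac = derive_keys(k1, k2)

    original = b"transfer 10 units to account 42"   # constructed message
    altered = b"transfer 99 units to account 42"    # modified in transit
    tag = mac_tag(sender_mac, original)

    return {
        "keys_agree": (sender_enc, sender_mac) == (recv_enc, recv_mac),
        "enc_and_hash_keys_differ": sender_enc != sender_mac,
        "mac_accepts_original": mac_verify(recv_mac, original, tag),
        "mac_rejects_altered": not mac_verify(recv_mac, altered, tag),
        # A checksum travels with the data and needs no key, so a party
        # that alters the data can simply send a matching checksum.
        "crc_accepts_altered": crc_verify(altered, zlib.crc32(altered)),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```
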

As per claim 19, it is rejected for the same reasons as claim 18. 

As per claim 20, Diffie teaches said key generation unit determines the result of 
the predetermined operation by performing, as the predetermined operation, an 
exclusive OR operation using the first and second keys (col. 8, line 47). 

As per claims 22 and 23, they are rejected for the same reasons as claim 18. 

As per claims 24-27, 30, and 35, Diffie is silent in explicitly teaching the first 
encryption key and the first hash key are included in a hash calculation result that is 
generated by performing a hash calculation using the concatenated data generated by 
concatenating the first and second keys. This limitation was shown to be taught by 
Matyas (col. 5, lines 60-65) in the rejection of claim 18. Examiner supplies the same 
rationale in rendering these claims obvious as recited in the rejection of claim 18. 

As per claims 31 and 36, they are rejected for the same reasons as recited in the 
rejection of claim 18. Claims 31 and 36 only show the original sending device in the 
role of receiving encrypted data from the original receiver device and it carrying out the 
same tamper detection process that the original receiver performed. It is obvious that 
both sides of the communication send/receive and use the tamper detection values
[MAC]. 

As per claims 32 and 37, Diffie teaches an authentication unit operable to 
authenticate the other device, using the first encryption key (col. 9, line 15). 

Claims 33, 34, 38, and 39 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Diffie, Matyas, and Abraham as applied to claims 18 and 19 above, 
and further in view of USP Application Publication 20030041253 to Matsui et al.,
hereinafter Matsui. 

As per claims 33 and 38, Diffie, Matyas, and Abraham are silent in explicitly 
teaching the authentication unit (i) generates a first authentication value, encrypts the 
first authentication value using the first encryption key to generate a first encrypted 
value, and transmits the first encrypted value to the other device, and (ii) receives, from 
the other device, a second authentication value generated by decrypting the first 
encrypted value using a second encryption key held by the other device, and judges 
whether the first and second authentication values match, and said communication unit 
performs communication with the other device when the authentication values are 
judged to match. Examiner recognizes these steps as an authentication 
challenge/response, known in the art of cryptography. Matsui explicitly teaches this 
well-known procedure (0054) whereby the sender challenges the receiver to prove it 
possesses knowledge of a shared key, thereby authenticating the receiver. Therefore it
would have been obvious to one of ordinary skill in the art at the time of the invention to 
implement this authentication procedure within the combined system of Diffie, Matyas, 
and Abraham, because it adds another level of security. Namely, security is increased 
by adding the step of authentication by proving the receiver was able to correctly 
generate the session key. Diffie already teaches mutual authentication and this is 
simply another equivalent and known way of doing so. 

As per claims 34 and 39, Diffie, Matyas, and Abraham fail to teach the 
authentication unit receives, from the other device, a third encrypted value generated by 
encrypting a third authentication value using the second encryption key held by the 
other device, 

decrypts the third encrypted value using the first encryption key to obtain a fourth 
authentication value, and transmits the fourth authentication value to the other device, 
and said communication unit performs the communication when the other device judges 
the third and fourth authentication values to match. Examiner recognizes these 
limitations as the other side of the mutual authentication initiated by the original receiver 
side. The process is the same as that of claims 33 and 38. It is just from the original 
sender's point of view in proving itself to the original receiver. Thus, the other half of the 
mutual authentication is now claimed. Therefore, Examiner supplies the same rationale 
as recited in the rejection of claims 33 and 38 because the process is the same. 

Conclusion

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to MICHAEL R. VAUGHAN whose telephone number is 
(571)270-7316. The examiner can normally be reached on Monday - Thursday, 7:30am 
- 5:00pm, EST. If attempts to reach the examiner by telephone are unsuccessful, the 
examiner's supervisor, William Korzuch can be reached on 571-272-7589. The fax 
phone number for the organization where this application or proceeding is assigned is 
571-273-8300. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 

/M. R. V./ 

Examiner, Art Unit 2431 



/William R. Korzuch/ 

Supervisory Patent Examiner, Art Unit 2431 



